Business SMS in Canada: CASL, 10DLC Registration, and Why Unregistered Messages Disappear

Your SMS program is sending. Your platform dashboard shows messages delivered. And somewhere between your server and a Rogers or Bell subscriber's phone, a portion of that traffic is being filtered, throttled, or silently dropped because your number is unregistered A2P traffic on a domestic Canadian carrier.

Business SMS in Canada is governed by the Canadian Anti-Spam Legislation (CASL), which generally requires consent before sending commercial electronic messages to Canadian recipients, with penalties up to $10 million per violation. CASL recognizes express consent, implied consent, and a number of statutory exceptions depending on the relationship and message type. Separately, Canadian carriers enforce registration requirements for 10-digit long code numbers, and unregistered A2P traffic faces active filtering even where registration is not technically mandated. Organizations sending SMS into Canada need to address both layers or risk messages that look sent but do not arrive.

CASL is widely considered the strictest anti-spam law in the world. Unlike the US CAN-SPAM Act, which operates on an opt-out basis, CASL generally requires consent before the first commercial message is sent, though the legislation recognizes both express and implied consent and several statutory exceptions depending on the circumstances.

CASL: the consent framework that organizations consistently underestimate

CASL applies to any commercial electronic message (CEM) sent from, within, or into Canada. That means SMS, email, and instant messages are all covered. It means organizations based outside Canada must comply if they are messaging Canadian recipients. It means charities, nonprofits, and B2B senders are all included. The legislation does not carve out categories by organization type or message channel.

The core requirements are three: obtain consent, identify yourself in every message, and include a working unsubscribe mechanism. All three must be in place before you send anything commercial.

Express consent under CASL requires the recipient to take a positive action: a form submission, a verbal agreement, an in-person signup. Checkboxes must be unchecked by default. You cannot send a message asking someone for consent, because that request is itself a commercial electronic message, which requires prior consent to send. The logical implication is that your consent collection has to happen through a channel that is not the one you are asking permission to use, at the point of a real interaction such as a purchase, a registration, or a service signup.

Implied consent is allowed in limited circumstances. An existing business relationship, a purchase or contract within the past two years, or a service inquiry within the past six months can establish implied consent. But implied consent expires. After the relevant window, you either have express consent or you have nothing. Organizations that run large contact lists with implied consent at the base and no re-consent workflow are building a ticking clock into their compliance position.

Identification in every message means identifying the sender and including prescribed contact information, including a mailing address and either a phone number, email, or website. For SMS where character count is a constraint, standard practice is to append "Info: [link]" pointing to a page carrying the full required details.

Unsubscribe must be honored within 10 business days. The mechanism must be low cost or free to the recipient, must not require them to log into an account or provide additional personal information, and must remain functional for at least 60 days after the message is sent. The CRTC's CASL FAQ provides further detail on consent types, identification requirements, and unsubscribe obligations. Consent records must be kept for three years after the relevant business relationship ends. If CRTC enforcement ever comes knocking, the burden of proof is on the sender to demonstrate consent existed.

What CASL does not cover: the employee communications distinction

One of the most practically relevant exemptions for operators in logistics, field services, construction, and transport is that CASL does not apply to non-commercial messages between an employer and its employees. Operational communications sent from an organization to its own staff, shift alerts, safety notifications, route changes, check-in workflows, dispatch messages, do not carry the consent obligations that commercial marketing messages do.

This matters because a significant share of SMS programs in Canadian industries like trucking, freight, and field services are operational in nature rather than commercial. A fleet operator messaging drivers about route assignments is not sending a CEM. A logistics company sending welfare check pings to field workers is not running a marketing campaign. Those programs need to be designed and documented correctly to sit clearly on the right side of the CASL boundary, but they are not subject to the same opt-in consent architecture as a customer marketing program.

The compliance picture for those programs is instead shaped by occupational health and safety obligations, the need for auditable delivery records, and the operational requirement to prove a worker received and acknowledged a safety communication. We have covered that specific compliance landscape for Canadian fleet operators in detail in our post on safety alert records and dispatcher accountability. The distinction between operational and commercial SMS is worth understanding clearly before designing either program.

10DLC in Canada: registration, carrier filtering, and the deliverability reality

10DLC stands for 10-Digit Long Code, the standard local phone number format used for most business SMS in North America. The registration framework that governs how these numbers can be used for A2P (application-to-person) messaging is more complex in Canada than most guides acknowledge, because the rules differ depending on what direction your messages are traveling.

Canadian numbers sending to US recipients must be A2P registered without exception, for both new and existing numbers. US carriers including AT&T, T-Mobile, and Verizon enforce this at the network level. Unregistered Canadian numbers sending to US subscribers are throttled or blocked. There is no grace period and being a Canadian organization does not exempt you from the requirement, because the rules apply based on where the message is delivered, not where the sender is located.

Canadian numbers sending to Canadian recipients only have a registration requirement tied to when the number was purchased. Numbers acquired before March 26, 2025 are not currently required to undergo A2P registration for domestic traffic. Numbers purchased on or after that date require either A2P registration or persona verification before sending to Canadian subscribers.

There is a separate deliverability reality that sits underneath the formal registration requirement. Rogers, Bell, and Telus all apply spam filtering to unregistered A2P traffic. Canadian carriers have historically set low informal volume caps on unregistered long codes, with some carrier guidance indicating thresholds as low as 100 to 250 messages per day per number. If your program exceeds those thresholds, or if your traffic pattern triggers carrier filters regardless of volume, messages fail silently. Your platform logs them as sent. Your recipients never see them.

A2P registration does not replace CASL compliance. The two systems address different problems. Registration manages how your traffic is classified and treated by carrier infrastructure. CASL governs the legal basis on which you are allowed to send in the first place. A registered number sending messages without proper consent is still in violation of CASL. An unregistered number sending messages with perfect consent documentation will still face carrier filtering.

Toll-free numbers operate under different rules and are not subject to the 10DLC registration requirements described above. They are a practical alternative for some use cases, particularly programs that need higher throughput or do not require a local area code.

Number type and its operational consequences

The choice between a 10-digit local number, a toll-free number, and a dedicated short code is not just a procurement decision. Each carries different carrier treatment, different throughput limits, and different perceptions for recipients.

Local 10-digit numbers register under A2P 10DLC, offer moderate throughput when properly registered, and appear as a local number to the recipient. For programs where a local presence matters, or where two-way messaging is part of the workflow, a registered local number is typically the right foundation.

Toll-free numbers bypass the 10DLC framework and can support higher send volumes. They are widely used for transactional programs like delivery notifications and appointment reminders. Recipients see a 1-800 or similar number rather than a local code.

Short codes, the 5 or 6-digit numbers used by major banks, retailers, and brands for high-volume campaigns, offer the highest throughput and carrier reliability but require a longer provisioning process and dedicated agreements with each Canadian carrier.

For most operational programs in logistics, field services, and customer communications, a registered local 10-digit number or a toll-free number is the practical starting point. Short codes become relevant when you are running campaigns at volume that exceeds what long codes can handle reliably.

Building for Canada: what the compliance and delivery picture requires together

The programs that run reliably in Canada share a few structural characteristics. Consent is collected and documented at the point of a real interaction, not assumed from a list. Express consent is the default, not implied. Contact records carry a consent timestamp, source, and channel. Opt-outs are processed automatically, within the 10-business-day window, and the suppression list is the source of truth that every send is checked against before messages go out.

On the carrier side, numbers are registered before campaigns launch. For any program touching US recipients at any point, A2P registration is in place before the first message is sent. The platform used to send can distinguish between traffic types and route accordingly, because a single outbound-only platform with no delivery status visibility is not a compliance tool, it is a liability.

Two-way messaging matters in Canada for the same reason it matters anywhere a compliance record has value. When a STOP reply comes in, it needs to be captured, logged, and acted on automatically. When a driver replies to a dispatch alert, that reply is a record. When a field worker sends an acknowledgment keyword back, the timestamp on that inbound message is the proof that the worker received and responded to the communication. Most messaging platforms are built to talk, not to listen, and in a regulated environment that architectural gap becomes a compliance exposure.

Route flexibility matters too. Carriers in Canada do change their filtering behavior, and a program locked into a single provider with no ability to evaluate alternatives is exposed when that provider's route degrades or their traffic classification shifts. The same logic that applies to carrier lock-in in Africa applies in Canada, just at different price points and with different regulatory drivers. Your workflow, your consent records, and your suppression list should be assets your organization controls, not dependencies that keep you at one provider's table.

Telerivet operates as the orchestration layer above connectivity, with direct route options including Twilio and Vonage for Canadian traffic, BYOC support for organizations that have their own carrier relationships, and two-way messaging capability that handles inbound replies as a native part of the workflow rather than an afterthought. For Canadian logistics and field operations programs specifically, the combination of outbound broadcast, delivery confirmation, and automated acknowledgment logging provides the features that support how organizations document their messaging programs and help demonstrate how communications were sent and received.

What channel should Canadian operators use alongside SMS?

Canada is a high-smartphone, high-data market. WhatsApp has meaningful adoption in certain communities and demographics. RCS is growing across Canadian carrier networks. SMS remains the dominant channel for operational and transactional communications, reaching every mobile subscriber regardless of data plan or device type.

For most Canadian programs, the right design is not a single channel but a deliberate sequence. SMS as the primary operational channel, WhatsApp or RCS as a richer format option for audiences where those channels are established, voice as the fallback when a message has not been acknowledged and the stakes are high enough to warrant a call. The knowledge base guide on channel selection covers how to make those decisions for a mixed audience. The failover post covers what the sequencing looks like in practice.

Frequently asked questions

Does CASL apply to my organization if I am based outside Canada? Yes. CASL applies to any commercial electronic message sent to a recipient in Canada, regardless of where the sending organization is located. If you message Canadian customers, employees for commercial purposes, or contacts, CASL applies to you.

Do I need to register my Canadian phone number under 10DLC? It depends on what you are sending and where. If you are sending any messages to US recipients from a Canadian 10-digit number, A2P registration is required. For Canadian-to-Canadian traffic, numbers purchased on or after March 26, 2025 require registration or persona verification. Older numbers used only for Canadian traffic are not currently required to register, but unregistered numbers still face carrier filtering that affects delivery rates in practice.

What is the difference between express and implied consent under CASL? Express consent means the recipient took a positive action to agree to receive messages from you, through a form, a verbal agreement, or an opt-in checkbox that was unchecked by default. Implied consent applies in limited circumstances, primarily existing business relationships within the past two years or recent service inquiries. Implied consent expires. Express consent does not expire but can be withdrawn at any time.

Do CASL consent requirements apply to employee safety and operational communications? Not in the same way. CASL is designed to govern commercial electronic messages, and non-commercial communications between an employer and its own staff generally do not fall within its scope. Operational communications such as safety alerts, dispatch messages, and welfare checks are typically not commercial electronic messages. Organizations should document the nature of their programs clearly and consult legal advice for their specific situation.

How quickly do I need to process an opt-out request under CASL? Within 10 business days. The unsubscribe mechanism must be free or low-cost to the recipient, must not require account login or additional personal information, and must remain functional for at least 60 days after the message is sent. Consent records must be retained for three years.

This article provides general operational information and should not be considered legal advice. Organizations should consult qualified legal or data protection professionals regarding their specific obligations under CASL and Canadian telecommunications regulations.


Talk to our team about building a compliant SMS program for your Canadian operation across logistics, field services, or customer communications. Get in touch.

« Blog